Kotlin
CVE-2022-24329
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1Blast Radius
ecosystem impact- 4,087 maven packages depend on org.jetbrains.kotlin:kotlin-stdlib (705 direct, 3,411 indirect)
Ecosystem-wide dependent count for version 1.6.0.
DescriptionNVD
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
AnalysisAI
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-829. In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. Affected products include: Jetbrains Kotlin, Oracle Communications Cloud Native Core Binding Support Function, Oracle Communications Pricing Design Center. Version information: before 1.6.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, pote
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubn
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Rated high severity (CVSS 8.8)
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle arti
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an
Remote code execution in JetBrains Kotlin before 2.4.20 stems from unsafe deserialization (CWE-502) of build cache metad
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today